Creating a Successful Business Continuity Plan: Key Elements to Consider

mark-516277_1920
According to the Institute for Business and Home Safety, 25% of businesses don’t reopen following a major disaster. Perhaps more alarming: the Federal Emergency Management Agency reports that 75% of companies without business continuity plans fail within 3 years of a disaster.
 
Where safeguarding your critical data is concerned, the stakes could not be higher. That’s why we at Optimal don’t only hear questions about establishing a business continuity plan, we ask them. Is your business prepared?
 
To answer this question, there are a number of elements to consider, which we’ll walk you through below.
 

The 5 Levels of Business Disaster

What kinds of disasters do you need to prepare for? In order from inconvenient to catastrophic, the five levels of disaster are:

  • An email or file is lost. Can you restore it? How quickly?
  • Your server fails. How quickly can you get it back up? Can you virtualize?
  • Your office is inaccessible. Can you access your network data remotely? How well?
  • Your office is destroyed. Does your entire infrastructure go down with it?
  • The entire city where your office is located is struck by disaster. Do you have any chance of staying afloat?

 

RPO and RTO

Once you’ve identified the different levels of disaster, it’s time to assess your own levels of tolerance. Since IT loves acronyms, this step can be summarized in two three-letter combinations:

  • RPO (Recovery Point Objective). What is your tolerance for lost data?
  • RTO (Recovery Time Objective). How much downtime can you afford in minutes? Hours? Days?

 
These, of course, will vary depending upon your industry, your dependence on technology, and your personal preference.  A law firm, for example, will typically have an incredibly strict RTO: if 100 lawyers billing at $200/hour can’t function, that firm is losing a very quantifiable $20,000 every single hour they’re down. On the other hand, a construction company might do just fine without access to their server for a day or two.
 
Match each level of disaster with your threshold for data loss, and look at what technologies or processes need to be in place to keep you within the boundaries you’ve set.
 

The Importance of a Written Plan for Disaster Scenarios

Once you have the necessary processes in place, put together a written plan that spells out exactly what would happen in different disaster scenarios.
 
Go into excruciating hypothetical detail with your plan:

-What, specifically, could happen to your organization?

-How exactly would this affect your network? Key applications?

-Will you need to alert your staff? How?

-Which vendors will you need to contact to begin remediation?

-What is each step in the recovery process?

-Who in your organization will be accountable?

It’s painstaking and it’s tedious, but it’s invaluable to the future of your organization in the event that one of these scenarios happens to make that leap from theory to reality.
 

Why Regular Testing of Your Disaster Plan Matters

Your plan may look excellent on paper, but you should only feel confident in your recovery plan after you’ve tested it. Is your backup technology taking snapshots of your server when it’s supposed to be? Can you virtualize a server on your backup device? How long does it take?
 
This step may be the most overlooked in the process; far too often organizations get a nasty wake-up call when they realize they can’t actually recover the way they thought they could.
 
We know that it’s not easy to dive so deeply into the doom and gloom of disaster, but there are few things more critical to an organization’s continued success as a robust business continuity plan.
 
You know the line: hope for the best, prepare for the worst.

Are you working on your organization's business continuity plan? Have you  identified your RPO and RTO, but your current technologies won't support them?  Let us know--we can help.